Create a Section with Rules

Creates a new serviceinsertion section with rules. The limit on the number of
rules is defined by maxItems in collection types for ServiceInsertionRule
(ServiceInsertionRuleXXXList types). When invoked on a section with a large number
of rules, this API is supported only at low rates of invocation (not more
than 4-5 times per minute). The typical latency of this API with about 1024
rules is about 4-5 seconds. This API should not be invoked with large
payloads at automation speeds. More than 50 rules are not supported.

Instead, to create sections, use:
POST /api/v1/serviceinsertion/sections

To create rules, use:
POST /api/v1/serviceinsertion/sections/<section-id>/rules

Request:

Method:

POST

URI Path(s):

/api/v1/serviceinsertion/sections?action=create_with_rules

Request Headers:

n/a

Query Parameters:

ServiceInsertionInsertParameters+

Name	Description	Type	Notes
id	Identifier of the anchor rule or section. This is a required field in case operation like 'insert_before' and 'insert_after'.	string	Maximum length: 64
operation	Operation	string	Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top"

Request Body:

ServiceInsertionSectionRuleList+

ServiceInsertionSectionRuleList (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_tos	AppliedTo List List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.	array of ResourceReference	Maximum items: 128
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Default section flag It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.	boolean	Readonly
resource_type	Must be set to the value ServiceInsertionSectionRuleList	string
rule_count	Rule count Number of rules in this section.	integer	Readonly
rules	List of the Service Insertion rules List of Service Insertion rules in the section. Only homogeneous rules are supported.	array of ServiceInsertionRule	Required Maximum items: 1000
section_type	Section Type Type of the rules which a section can contain. Only homogeneous sections are supported.	string	Required Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful	Stateful nature of the distributed service rules in the section. Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.	boolean	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	TCP Strict Ensures that a three way TCP handshake is done before the data packets are sent if the value is set to be true. tcp_strict=true is supported only for stateful sections.	boolean	Default: "False"

Example Request:

POST https://<nsx-mgr>/api/v1/serviceinsertion/sections?action=create_with_rules&operation=insert_bottom { "section_type":"L3REDIRECT", "display_name":"another L3 Redirect Section with Rules", "stateful":false, "applied_tos": [ { "target_display_name": "Tier0-LR-1", "is_valid": true, "target_type": "LogicalRouter", "target_id": "1d9fb5cb-0344-4d7f-899a-afd93276899f" } ], "rules":[ { "display_name": "L3 redirect rule1", "action":"ALLOW", "direction":"IN_OUT", "redirect_tos": [ { "target_display_name": "service-1", "is_valid": true, "target_type": "ServiceInstance", "target_id": "1d9fb5cb-0344-4d7f-899a-afd93276899f" } ], "applied_tos": [ { "target_display_name": "plr1_uplink1", "is_valid": true, "target_type": "LogicalRouterPort", "target_id": "bd91fc7f-cd76-438b-8d4f-21dbdc707af7" } ], "sources": [ { "target_display_name": "192.168.100.5", "is_valid": true, "target_type": "IPv4Address", "target_id": "192.168.100.5" } ], "destinations": [ { "target_display_name": "192.168.100.6", "is_valid": true, "target_type": "IPv4Address", "target_id": "192.168.100.5" } ] } ] }

Successful Response:

Response Code:

201 Created

Response Headers:

Content-type: application/json

Response Body:

ServiceInsertionSectionRuleList+

ServiceInsertionSectionRuleList (schema)

Name	Description	Type	Notes
_create_time	Timestamp of resource creation	EpochMsTimestamp	Readonly Sortable
_create_user	ID of the user who created this resource	string	Readonly
_last_modified_time	Timestamp of last modification	EpochMsTimestamp	Readonly Sortable
_last_modified_user	ID of the user who last modified this resource	string	Readonly
_links	References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST.	array of ResourceLink	Readonly
_protection	Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity.	string	Readonly
_revision	Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected.	int
_schema	Schema for this resource	string	Readonly
_self	Link to this resource	SelfResourceLink	Readonly
_system_owned	Indicates system owned resource	boolean	Readonly
applied_tos	AppliedTo List List of objects where the rules in this section will be enforced. This will take precedence over rule level appliedTo.	array of ResourceReference	Maximum items: 128
description	Description of this resource	string	Maximum length: 1024 Sortable
display_name	Identifier to use when displaying entity in logs or GUI Defaults to ID if not set	string	Maximum length: 255 Sortable
id	Unique identifier of this resource	string	Sortable
is_default	Default section flag It is a boolean flag which reflects whether a distributed service section is default section or not. Each Layer 3 and Layer 2 section will have at least and at most one default section.	boolean	Readonly
resource_type	Must be set to the value ServiceInsertionSectionRuleList	string
rule_count	Rule count Number of rules in this section.	integer	Readonly
rules	List of the Service Insertion rules List of Service Insertion rules in the section. Only homogeneous rules are supported.	array of ServiceInsertionRule	Required Maximum items: 1000
section_type	Section Type Type of the rules which a section can contain. Only homogeneous sections are supported.	string	Required Enum: LAYER2, LAYER3, L3REDIRECT, IDS
stateful	Stateful nature of the distributed service rules in the section. Stateful or Stateless nature of distributed service section is enforced on all rules inside the section. Layer3 sections can be stateful or stateless. Layer2 sections can only be stateless.	boolean	Required
tags	Opaque identifiers meaningful to the API user	array of Tag	Maximum items: 30
tcp_strict	TCP Strict Ensures that a three way TCP handshake is done before the data packets are sent if the value is set to be true. tcp_strict=true is supported only for stateful sections.	boolean	Default: "False"

Example Response:

{ "resource_type": "ServiceInsertionSectionRuleList", "id": "3222f90e-921c-46ea-be64-99b1c0c51838", "display_name":"another L3 Redirect Section with Rules", "section_type": "L3REDIRECT", "is_default": false, "stateful": false, "rule_count": 1, "applied_tos": [ { "target_display_name": "Tier0-LR-1", "is_valid": true, "target_type": "LogicalRouter", "target_id": "1d9fb5cb-0344-4d7f-899a-afd93276899f" } ], "rules": [ { "id": "1430528", "display_name": "L3 redirect rule1", "section_id": "3222f90e-921c-46ea-be64-99b1c0c51838", "destinations_excluded": false, "redirect_tos": [ { "target_display_name": "service-1", "is_valid": true, "target_type": "ServiceInstance", "target_id": "1d9fb5cb-0344-4d7f-899a-afd93276899f" } ], "sources": [ { "target_display_name": "192.168.100.5", "is_valid": true, "target_type": "IPv4Address", "target_id": "192.168.100.5" } ], "applied_tos": [ { "target_display_name": "plr1_uplink1", "is_valid": true, "target_type": "LogicalRouterPort", "target_id": "bd91fc7f-cd76-438b-8d4f-21dbdc707af7" } ], "destinations": [ { "target_display_name": "192.168.100.5", "is_valid": true, "target_type": "IPv4Address", "target_id": "192.168.100.5" } ], "ip_protocol": "IPV4_IPV6", "logged": false, "action": "ALLOW", "sources_excluded": false, "disabled": false, "direction": "IN_OUT", "_revision": 0 } ], "_create_time": 1446242294559, "_last_modified_user": "admin", "_system_owned": false, "_last_modified_time": 1446242294559, "_create_user": "admin", "_revision": 0 }

Create a Section with Rules

Request:

ServiceInsertionInsertParameters (schema)

ServiceInsertionSectionRuleList (schema)

Example Request:

Successful Response:

ServiceInsertionSectionRuleList (schema)

Example Response:

Required Permissions:

Feature:

Additional Errors: